[Federal Register Volume 77, Number 139 (Thursday, July 19, 2012)]
[Notices]
[Pages 42548-42552]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2012-17597]
-----------------------------------------------------------------------
DEPARTMENT OF TRANSPORTATION
Federal Motor Carrier Safety Administration
[Docket No. FMCSA-2012-0243]
Privacy Act of 1974; Department of Transportation, Federal Motor
Carrier Safety Administration (FMCSA) 007 Pre-Employment Screening
Program
AGENCY: Federal Motor Carrier Safety Administration (FMCSA) Department
of Transportation (DOT).
ACTION: Notice to amend a system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act of 1974, the Department of
Transportation proposes to update and reissue a Department of
Transportation system of records notice titled Department of
Transportation/Federal Motor Carrier Safety Administration--007 Pre-
Employment Screening Program. The updated system of records consists of
information that is created and used by the Department's Pre-Employment
Screening program to provide commercial drivers and persons conducting
pre-employment screening services for the motor carrier industry
electronic access to driver history reports extracted from the
Department's Motor Carrier Management Information System (MCMIS).
As a result of biennial review of this system, the Privacy Office
has made the five major modifications to the systems of records. The
category of records identified as ``Financial Transaction Records'' in
the previously published System of Records Notice for this system has
been removed as the Department does not maintain these records. The
``Access Transaction Records'' record category also has been revised to
clarify the types of information maintained about the two categories of
users permitted to request access to records for the purposes of pre-
employment screening. The routine uses have been updated to clarify
disclosure of Pre-Employment Screening Program (PSP) records to
industry service providers directly involved in the hiring of
commercial motor vehicle (CMV) drivers on behalf of motor carriers and/
or CMV drivers and the routine use concerning the sharing of CMV driver
access transaction records with Validation Authorities (e.g. Lexis-
Nexis). The system owner information has been modified to omit the
contact information for the MCMIS and Freedom of Information Act
systems of records and, instead, include only contact information for
the PSP system
[[Page 42549]]
of records. Additionally, this Notice includes non-substantive changes
to simplify the formatting and text of the previously published Notice.
This updated system will be included in the Department of
Transportation's inventory of record systems.
DATES: Effective August 21, 2012. Written comments should be submitted
on or before the effective date. If no comments are received, the
proposal will become effective on the above date. If comments are
received, the comments will be considered and, where adopted, the
documents will be republished with changes.
ADDRESSES: You may submit comments, identified by Docket No. FMCSA-
2012-0243 by one of the following methods:
[squf] Federal e-Rulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments.
[squf] Mail: Department of Transportation Docket Management, Room
W12-140, 1200 New Jersey Ave. SE. Washington, DC 20590.
[squf] Instructions: All submissions received must include the
agency name and docket number for this rulemaking. All comments
received will be posted without change to www.regulations.gov,
including any personal information provided.
[squf] Docket: For access to the docket to read background
documents or comments received go to www.regulations.gov. Follow the
online instructions for accessing the docket.
[squf] Fax: 202-493-2251. Instructions: You must include the agency
name and Docket Number FMCSA-2012-0243. All comments received will be
posted without change to http://www.regulations.gov, including any
personal information provided.
Privacy Act: Anyone is able to search the electronic form of all
comments received in any of our dockets by the name of the individual
submitting the comment (or signing the comment, if submitted on behalf
of an association, business, labor union, etc.). You may review DOT's
Privacy Act notice in the Federal Register published on January 17,
2008 (73 FR 3316-3317), or you may visit www.dot.gov/privacy.
Docket: For access to the docket to read background documents or
comments received, go to http://www.regulations.gov or to the street
address listed above. Follow the online instructions for accessing the
docket.
FOR FURTHER INFORMATION CONTACT: For general questions, please contact:
Arlene Thompson, (202) 366-2094, Arlene.Thompson@dot.gov. For privacy
issues please contact: Claire W. Barrett, Departmental Chief Privacy
Officer, Privacy Office, Department of Transportation, Washington, DC
20590; privacy@dot.gov; or (202) 527-3284.
SUPPLEMENTARY INFORMATION: In accordance with the Privacy Act of 1974,
the Department of Transportation (DOT)/Federal Motor Carrier
Administration (FMCSA or Administration) proposes to update and reissue
a current DOT system of records notice titled, ``Department of
Transportation/Federal Motor Carrier Safety Administration--007 Pre-
Employment Screening Program.'' The FMCSA's primary mission is to
prevent commercial motor vehicle-related fatalities and injuries. The
FMCSA contributes to safe motor carrier operations through strong
enforcement of safety regulations; targeting high-risk carriers and
commercial motor vehicle drivers; improving safety information systems
and commercial motor vehicle technologies; strengthening commercial
motor vehicle equipment and operating standards; and increasing safety
awareness. To accomplish these activities, the FMCSA works with
Federal, State, and local enforcement agencies, the motor carrier
industry, labor safety interest groups, and others.
This system of records is used to satisfy requirements mandated by
Congress in the Safe, Accountable, Flexible, Efficient Transportation
Equity Act: A Legacy for Users, 49 U.S.C. 31150, Public Law 109-59,
Section 4117. FMCSA believes that making this driver data available to
potential employers and operator-applicants will improve the quality of
safety data and help employers make more informed decisions when hiring
commercial drivers. The PSP is a screening tool that allows motor
carriers and individual drivers to purchase driving records from the
FMCSA MCMIS system. A record purchased through PSP contains the most
recent five years of crash data and the most recent three years of
roadside inspection data, including serious safety violations for an
individual driver. The record displays a snapshot in time, based on the
most recent MCMIS data extract loaded into the PSP system.
This SORN makes four primary changes to the existing system of
records. It removes an existing category of records, clarifies the
information maintained in the ``Access Transaction Records,'' adds a
new routine use, and clarifies an existing routine use. The category of
records has been revised to exclude the category of ``Financial
Transaction Records'' as this information is maintained exclusively by
DOT's PSP Service Provider and these records are not considered federal
records under the stewardship of the DOT. The ``Access Transaction
Records'' record category was revised to clarify that information is
maintained on the two categories of users permitted to request access
to records for the purposes of pre-employment screening. In addition to
transactions initiated by motor carriers, the record will include
information on transactions initiated by industry service providers as
authorized by the routine use added as part of this system of records
notice. The category of records more clearly states the information
maintained on requests initiated by operator-applicant requesting his
or her own PSP record. This information establishes a record of account
access to ensure that operator-applicants only access their own
information. These changes have been made to more clearly reflect
existing FMCSA processes and do not introduce changes in actual
operations.
The routine uses have been updated to permit disclosure of PSP
records to industry service providers directly involved in the hiring
of commercial motor vehicle (CMV) drivers on behalf of motor carriers
and/or CMV drivers. This change reflects motor carrier business models
which may include the use of industry service providers to directly
hire commercial motor vehicle drivers on behalf of motor carriers.
Additionally, the routine use concerning the sharing of CMV driver
Access Transaction Records with Validation Authorities (e.g. Lexis-
Nexis) was clarified by removing information incorrectly included in
the routine use that should be discussed in the Notice's categories of
information.
The system owner information has been modified to include only
contact information for the PSP system of records and no longer
included information for the MCMIS and Freedom of Information Act
(FOIA) systems, which are separate and distinct system of records. The
complete system of records notices for these systems may be found at
www.dot.gov/privacy.
FMCSA plans to introduce PSP Mobile iOS Application as an
alternative means of providing information available through the PSP
Web site to the authorized users. FMCSA does not require individuals to
register or provide any PII as a condition of downloading PSP iOS
application. Individuals downloading the PSP iOS application must
fulfill Apple's registration requirements prior to downloading the
application. Apple does not provide FMCSA any PII of individuals who
download the PSP iOS application from its site. Requesters seeking
information on CMV drivers
[[Page 42550]]
through the PSP iOS mobile application can only access PSP records
using the same authorization process and data elements described in
this System of Records Notice.
This updated system will be included in DOT's inventory of record
systems.
SYSTEM NUMBER:
DOT/FMCSA 007.
SYSTEM NAME:
Department of Transportation Federal Motor Carrier Safety
Administration Pre-Employment Screening Program.
SECURITY CLASSIFICATION:
Unclassified, Sensitive.
SYSTEM LOCATION:
Records are maintained at the DOT Service Provider sites managed by
AT&T in Ashburn, VA and Allen, TX.
CATETORIES OF INDIVIDUALS COVERED BY THE SYSTEM OF RECORDS:
PSP records will include personally identifiable information (PII)
pertaining to Commercial Motor Vehicle (CMV) drivers, as defined by 49
CFR 390.5, (referred to in this system of records notice as operator-
applicants). PSP will also include access transaction records. For CMV
drivers, this will include personal information submitted by the CMV
driver to access his or her personal PSP record. For motor carriers or
authorized industry service provider, Access Transaction Records will
include the unique username and password submitted by the user to
access the PSP system and the CMV driver information submitted by the
motor carrier or authorized industry service provider to retrieve a PSP
record.
CATEGORIES OF RECORDS:
Categories of records in this system include:
CMV crash and inspection records. Data extract from the FMCSA Motor
Carrier Management Information System (MCMIS) containing the most
recent five years' crash data and the most recent three years'
inspection information for operator-applicants including:
[squf] CMV driver name (last, first)
[squf] CMV driver date of birth
[squf] CMV driver license number
[squf] CMV driver license State
Access transaction records. In the case of a motor carrier or
industry service provider accessing a CMV driver's PSP record,
transaction records include information about the subject of the
electronic record request including:
[squf] CMV driver name (last, first, middle initial)
[squf] CMV driver date of birth
[squf] CMV driver license number
[squf] CMV driver license State
Access Transaction Records also include information about the motor
carrier or industry service provider accessing the record including:
[squf] User unique system username
[squf] User unique system password
In the case of an operator-applicant requesting his or her own PSP
record, the Access Transaction Record will include:
[squf] CMV driver name (last, first, middle initial)
[squf] CMV driver date of birth
[squf] CMV driver license number
[squf] CMV driver license State
[squf] CMV driver address.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
49 U.S.C. 31150, as added by section 4117 of Public Law 109-59
[Safe, Accountable, Flexible, Efficient Transportation Equity Act: A
Legacy for Users (SAFETEA-LU)].
PURPOSE(S):
The purpose of this system is to make CMV crash and inspection
records available to authorized operator-applicants, authorized
industry service providers, and authorized motor carriers. Records
maintained in the system will also support operational management of
the PSP program.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PRUPOSES OF USE:
In addition to those disclosures generally permitted under Section
(b) of the Privacy Act, 5 U.S.C. 552a(b), all or a portion of the
records or information contained in this system may be disclosed
outside of DOT as a routine use pursuant to 5 U.S.C. 552a(b)(3) as
follows:
1. To authorized industry service providers and motor carriers as
part of the operator-applicant's PSP record; authorized industry
service providers and motor carriers may use PSP records only for
purposes of pre-employment safety screening of operator-applicants and
must have the operator-applicant's consent to access the PSP record;
2. To the DOT Validation Authority (e.g., Lexis-Nexis) to verify
and validate the presented identity of the individual operator-
applicant requesting access to his or her own inspection and crash
data.
3. Other possible routine uses of the information, applicable to
all DOT Privacy Act systems of records, are published in the Federal
Register at 75 FR 82132, December 29, 2010, under ``Prefatory Statement
of General Routine Uses'' (available at http://www.dot.gov/privacy/privacyactnotices).
DISCLOSURE TO CONSUMER REPORTING AGENCIES:
None.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS:
STORAGE:
Records in this system are stored electronically or on paper in
secure facilities. Electronic records may be stored on magnetic disc,
tape, digital media, and CD-ROM. Any paper records received or required
for purposes of processing data requests will be stored in secure file
folders at the DOT Service Provider's secure storage facility.
RETRIEVABILITY:
Records will be retrieved by using the operator-applicant's last
name, date of birth, license number, and license State.
SAFEGUARDS:
All records in the system will be protected from unauthorized
access through appropriate administrative, physical, and technical
safeguards. Electronic files will be stored in a database secured by
password security, encryption, firewalls, and secured operating
systems, to which only authorized Service Provider or DOT/FMCSA
personnel will have access, on a need-to-know basis. Paper files will
be stored in file cabinets in a locked file room to which only the
authorized Service Provider and DOT/FMCSA personnel will have access,
on a need-to-know basis. All access to the electronic system and paper
files will be logged and monitored. All PII data elements will be
encrypted in the PSP system.
The Service Provider will be subject to routine audits of the PSP
program by FMCSA to ensure compliance with the Privacy Act, applicable
sections of the Fair Credit Reporting Act and other applicable Federal
laws, regulations, or other requirements.
Access by external users (operator-applicants, authorized industry
service providers and motor carriers) will be restricted within the
system based upon the user's role as an authorized industry service
provider, motor carrier, or validated operator-applicant. An authorized
industry service provider or motor carrier is an entity or person who
has been provided a unique user identification and password and must
use the unique identification and password to access data in PSP.
External users will be able to query the CMV
[[Page 42551]]
crash and inspection database only. The Service Provider will provide
users with an advisory statement that authorized industry service
providers and motor carriers could be subject to criminal penalties and
other sanctions under 18 U.S.C. 1001 for misuse of the PSP system.
In order for an authorized industry service provider or motor
carrier to receive an individual operator-applicant's crash and
inspection data, the authorized industry service provider or motor
carrier must certify, for each request, under penalty of perjury, that
the request is for pre-employment purposes only and that written or
electronic consent of the operator-applicant has been obtained. Upon
completion of certification, the Service Provider will provide the
individual operator-applicant data to the industry service provider or
motor carrier via the secure PSP Web site. The authorized industry
service provider or motor carrier will access this individual's
information by entering a unique identification username and password.
Authorized industry service providers or motor carriers will be
required to maintain each operator-applicant's signed, written consent
form or electronic signature for five years. Authorized industry
service providers or motor carriers are subject to random audits by DOT
to ensure that written or electronic consent of operator-applicants was
obtained.
The PSP system also allows validated operator-applicants to access
their own crash and inspection data upon written or electronic request.
Upon receipt of an operator-applicant's request, the Service Provider
will validate the identity of the requestor (operator-applicant) by
using his or her full name, date of birth, driver license number,
driver license State and current address against a validation
authority.
The contractor and FMCSA have established an ongoing, random-
selection audit process to monitor compliance with the written consent
obligation. The audit requirements and penalties process is
incorporated by reference as part of the contract between FMCSA and the
contractor. The purpose of the audit requirements and penalties process
is to ensure that the account holder obtains a driver-signed consent
form prior to completing a PSP driver record inquiry in accordance with
the Fair Credit Reporting Act, 15 U.S.C. 1681 et seq., and 49 U.S.C.
31150. The contractor will penalize an account holder, who fails to
comply with the audit requirements. Based on the nature and frequency
of these violations, the contractor may send a written warning,
suspend, or terminate the account holder from the PSP.
Individuals who access the PSP system via the iOS application are
subject to the privacy policy integrated in the application.
RETENTION AND DISPOSAL:
1. CMV crash and inspection records: Pursuant to General Records
Schedule (GRS) 20 (``Electronic Records,'' February 2008, see http://www.archives.gov/records-mgmt/ardor/grs20.html), governing extract
files, each monthly MCMIS extract in PSP is deleted approximately three
months after being superseded by a current MCMIS extract, unless needed
longer for administrative, legal, audit or other operational purposes.
2. Access Transaction Records: Pursuant to GRS 24, ``Information
Technology Operations and Management Records,'' Item 6, April 2010, see
http://www.archives.gov/records-mgmt/grs/grs24.html) Access Transaction
Records are retained for a period of five years.
SYSTEM MANAGER CONTACT INFORMATION:
PSP System Manager: Office of Information Technology; Federal Motor
Carrier Safety Administration; U.S. Department of Transportation; 1200
New Jersey Avenue SE., W65-319; Washington, DC 20590.
NOTIFICATION PROCEDURE:
Operator-applicants wishing to know if their inspection and crash
records appear in this system may directly access the PSP system or
make a request in writing to the PSP System Manager identified under
``System Manager Contact Information.''
Individual operator-applicants wishing to know if their Access
Transaction Records appear in this system may make a written request to
the following address: NIC Technologies, 4601 N. Fairfax Drive, Suite
1160, Arlington, VA 22203.
Any other requests for records about yourself from this system of
records or any other Departmental system of records your request must
conform with the Privacy Act regulations set forth in 49 CFR part 10.
You must sign your request, and your signature must either be notarized
or submitted under 28 U.S.C. 1746, a law that permits statements to be
made under penalty of perjury as a substitute for notarization. While
no specific form is required, you may obtain forms for this purpose
from the Chief Freedom of Information Act Officer, http://www.dot.gov/foia or 202.366.4542. In addition you should provide the following:
An explanation of why you believe the Department would have
information on you;
[squf] Identify which component(s) of the Department you believe
may have the information about you;
[squf] Specify when you believe the records would have been
created;
[squf] Provide any other information that will help the FOIA staff
determine which DOT component agency may have responsive records; and
[squf] If your request is seeking records pertaining to another
living individual, you must include a statement from that individual
certifying his/her agreement for you to access his/her records.
Without this bulleted information the component(s) may not be able
to conduct an effective search, and your request may be denied due to
lack of specificity or lack of compliance with applicable regulations.
RECORD ACCESS PROCEDURES:
See ``Notification Procedure'' above.
CONTESTING RECORDS PROCEDURE:
Operator-applicants seeking to contest the content of information
about them in this system should apply to the System Manager by
following the same procedures as indicated under ``Notification
Procedure.'' Operator-applicants may also submit a data challenge to
FMCSA's online system to record and monitor challenges to FMCSA data,
DataQs. The system can be accessed via the DataQs Web site (https://dataqs.fmcsa.dot.gov/login.asp). The DataQs system, provides an
electronic means for operator-applicants to file concerns about Federal
and State data contained in the PSP report. Specifically, DataQs allows
an individual to challenge data maintained by FMCSA on, among other
things, crashes, inspections, registration, operating authority, safety
audits and enforcement actions. Through this system, data concerns are
automatically forwarded to the appropriate Federal or State office for
processing and resolution. Any challenges to data provided by State
agencies must be resolved by the appropriate State agency.
Additionally, FMCSA is not authorized to direct a State to change or
alter MCMIS data for violations or inspections originating within a
particular State(s). Once a State office makes a determination on the
validity of a challenge, FMCSA considers that decision as the final
resolution of the challenge. FMCSA cannot change State records without
State consent. The system also allows filers to monitor the status of
each filing.
[[Page 42552]]
RECORD SOURCE CATEGORIES:
1. CMV crash and inspection records: All commercial driver crash
and inspection data in PSP is received from a monthly MCMIS data
extract. The MCMIS SORN identifies the source(s) of the information in
MCMIS. (FMCSA modified the MCMIS SORN to describe the system's sharing
of PII with the Driver Information Resource and PSP systems. See 74 FR
66391, December 15, 2009). All DOT SORNs may be found at www.dot.gov/privacy.
2. Access transaction records: An audit trail of those entities or
persons that accessed the PSP (i.e. authorized motor carriers,
authorized industry service providers, or validated operator-
applicants) is automatically created when requests are initiated and
when data is released by the Service Provider. These records are
internal documents to be used by the Service Provider and FMCSA for
auditing, monitoring and compliance purposes.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
Issued in Washington, DC on July 13, 2012.
Claire W. Barrett,
Departmental Privacy Officer.
[FR Doc. 2012-17597 Filed 7-18-12; 8:45 am]
BILLING CODE 4910-EX-P